xmrig | NEAS[.]b81ca9cabbfd9b872a88fde4344b6ea0[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b81ca9cabbfd9b872a88fde4344b6ea0.exe
Size

2.5MB
MD5

b81ca9cabbfd9b872a88fde4344b6ea0
SHA1

db2ba76d67456697092641c233b56e439122e1ad
SHA256

63d8c4ddcefa33ff8f9763077b95c0f63b0086571649bf102a7aee228a80c1ed
SHA512

ce77de0bae869e7c8fdec42826014febe027d11f0d7ba7c836a42f9a8a7399ab223ffe48125632d85d72c7c1de8349371c42b423124b4721c25502ddb62f999c
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIC5aIwC+Aj4k3SJCavKM1W7R+v:BemTLkNdfE0pZrh

Score

10^/10

miner upx xmrig

Malware Config

Signatures

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b81ca9cabbfd9b872a88fde4344b6ea0.exe

Files

NEAS.b81ca9cabbfd9b872a88fde4344b6ea0.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 724KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE